1. Field of the Present Invention
The present invention generally relates to the field of data processing and more particularly to a method and implementation for secured or authenticated access to a storage area network, particularly, a Fibre Channel compliant storage area network.
2. History of Related Art
In the field of data processing, the rapidly growing number of data intensive applications has produced a seemingly insatiable demand for raw data storage capacity. Meeting the demands of applications such as data warehousing, data mining, on-line transaction processing, and multimedia internet and intranet browsing requires approximately twice as much new storage capacity each year. In addition, the number of network connections for server-storage subsystems is also rapidly increasing. With the rise of client networking, data intensive computing applications, and electronic communications applications, virtually all network stored data is mission critical. Increased reliance on being able to access networked stored data is challenging the limitations of traditional server-storage systems. As a result, adding more storage, servicing more users, and backing up more data have become never ending tasks. The parallel Small Computer System Interface (SCSI) bus widely used for server-storage connectivity on Local Area Network (LAN) servers is imposing severe limits on network storage. Compounding these limits is the traditional use of LAN connections for server-storage backup which detracts from usable client bandwidth.
The Storage Area Network (SAN) is an emerging data communications platform that interconnects servers and storage at Gigabaud speeds. SAN attempts to eliminate the bandwidth bottlenecks and scalability limitations imposed by SCSI architectures by integrating LAN networking models with the core building blocks of server performance and mass storage capacity. The Fibre Channel protocol is a widely endorsed open standard for the SAN environment. Fibre Channel combines high bandwidth and high scalability with multiple protocol support, including SCSI and IP, over a single physical connection. This enables the SAN to serve as both a server interconnect and as a direct interface to storage devices and storage arrays.
Unfortunately, the openness that is at least partially responsible for the increasing prevalence of Fibre Channel storage area networks, creates a potentially significant security issue for a tremendous number of large (as well as small) and highly valued databases. As an open standard, the Fibre Channel network is susceptible to many of the same security concerns as the Internet. A malicious hacker who was able to gain control of a host bus adapter connected to a Fibre Channel switch may be able to alter, delete, or otherwise damage data across the entire SAN. An unauthorized user who gains access to a Fibre Channel fabric attached element can compromise a Fibre Channel switch in at least three ways. First, the user may write software to use the existing Fibre Channel device interface to compromise the fabric operating environment. Second, the user could install device level drivers that try to compromise the fabric operating environment at the Fibre Channel physical and signaling interface (FC-PH) level. Third, the user could install a doctored host bus adapter that has hardware or micro-code that tries to exploit the fabric operating environment at the FC-PH level. Therefore, it would be highly desirable to implement a secure and cost effective mechanism for assuring the integrity of transactions that occur on a SAN network.